X.Org Server Hit By Its Latest Batch Of Security Vulnerabilities

Written by Michael Larabel in X.Org on 14 December 2021 at 08:44 AM EST. 53 Comments
X.ORG
Given the age of the X.Org/X11 code-base security issues have become quite frequent. It was nearly a decade ago that the X.Org Server was considered a "security disaster" and a security researcher saying it's even worse than it looks. Today another batch of X.Org Server security vulnerabilities have been made public.

Four more CVEs were made public today around input validation failures in the X.Org Server that could lead to local privilege escalation. This is for cases where the X.Org Server is still running as a privileged process and supporting remote code execution for SSH X forwarding sessions.

The security issues involve out-of-bounds writes with different aspects of the X.Org Server around render, xfices, xext, and record code.
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access

The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4009/ZDI-CAN 14950 SProcXFixesCreatePointerBarrier out-of-bounds access

The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access

The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write.

* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access

The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write.

These latest vulnerabilities were found as part of the Trend Micro Zero Day Initiative. Fixes are pending in X.Org Server Git.

More details via the security advisory.

These security advisories do impact XWayland for which XWayland 21.1.4 saw an update this morning.
53 Comments
Related News
xcompmgr 1.1.10 Released For Classic "Eye Candy" Compositor On X.Org
Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years
It's Taken Until 2024 To Add FreeBSD To X.Org Continuous Integration Testing
libX11 1.8.10 Brings Memory Safety Fixes
X.Org Testing Ground Expands Its Scope To Illumos/OpenIndiana
X.Org Server Patches Look To Cleanup VRR Handling, Make It Xinerama-Aware
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries